Lucene search

K
gentooGentoo FoundationGLSA-201206-03
HistoryJun 15, 2012 - 12:00 a.m.

Opera: Multiple vulnerabilities

2012-06-1500:00:00
Gentoo Foundation
security.gentoo.org
37

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.923 High

EPSS

Percentile

98.9%

Background

Opera is a fast web browser that is available free of charge.

Description

Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact.

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information.

A physically proximate attacker may be able to access an email account.

Workaround

There is no known workaround at this time.

Resolution

All Opera users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-client/opera< 12.00.1467UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.923 High

EPSS

Percentile

98.9%